Use a fetched MD if appropriate in ssl3_cbc_digest_record
HMACs used via the legacy EVP_DigestSign interface are strange in
that they use legacy codepath's which eventually (under the covers)
transform the operation into a new style EVP_MAC. This can mean the
digest in use can be a legacy one, so we need to be careful with any
digest we extract from the ctx.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11511)